AS Numbers and Certificates¶
In this user guide, we explain how to request an AS number and AS certificate. They are necessary for connecting an Anapaya appliance to the SCION network.
AS Number¶
Every participant in a SCION network needs their own SCION AS number. Refer to ISD-and-AS-numbering for more details on the numbering scheme.
Currently, Anapaya is the only organization assigning SCION AS numbers for the productive SCION networks. For the SSFN (Secure Swiss Finance Network), SIX is assigning SCION AS numbers on behalf of Anapaya.
Note
The entire 4-byte BGP AS numbering space is reserved for organizations that own the respective BGP AS number. Thus, if your organization already has a BGP AS number assigned by an official BGP numbering authority, it can claim the same SCION AS number.
Request AS Number from Anapaya¶
Reach out to the Anapaya CSE team to request a SCION AS number from Anapaya. Your request should include
your organization details,
your technical contacts responsible for SCION,
and the Isolation Domains you want to connect to.
Note
Once assigned, the AS number and your organization will be added to the Autonomous Systems list.
Request AS Number from SIX (for SSFN participants)¶
Follow the instructions on the SIX SSFN
website on how to apply for a SSFN certificate. In the process, when required to
fill in AS Number
, leave the field empty and SIX will assign an AS number.
AS Certificate¶
A SCION AS needs a SCION AS certificate for every isolation domain it should be part of. Requesting an initial AS certificate is a manual process which is described below. Once the AS certificate is uploaded to the Anapaya appliance, SCION connectivity to the rest of the network can be established. AS certificate renewals are then automated and are performed by the appliance every few days.
Create Certificate Signing Request¶
As a first step, the Certificate Signing Request (CSR) needs to be created. Refer to Generating a Certificate Signing Request for details on how to use the appliance API for this. Make sure you include the relevant subject details.
Note
When creating a CSR for a SCION AS in the SSFN, make sure the values match with the contract values agreed upon with SIX.
Request the AS Certificate¶
In case the CSR was created for a public isolation domain, send the CSR to the Anapaya CSE team.
In case the CSR was created for the SSFN, send the CSR to the SSFN certificate team at SIX.
Install the AS Certificate¶
Once you receive the AS certificate from the issuing party, you need to install it in the Anapaya appliance. Refer to Installing AS Certificates for the necessary commands.